Manager-IT Risk Management

As an S&C Electric team member youll work on projects that have realworld impact. Youll help transform the grid for resilient and reliable power worldwide. S&C has more than a 100year history of innovation and has been 100% employeeowned since 2012. We continue this legacy as a trusted forwardthinking leader in the electrical industry. You will advance a safer more reliable and more resilient electrical grid. Our products help the grid adapt to severe weather and transition to clean energy. Were big enough to be a respected industry leader but small enough for you to impact our company directly. Our commitment gives you opportunities to impact on and off the job positively.

Join S&C to make an impact on tomorrows energy challenges and become an employeeowner!

Hours

8:00 am 5:00 pm (MonFri) Remote

Compensation

At S&C we are dedicated to providing competitive and equitable compensation for all our team members and we are committed to transparency in our pay practices. The estimated annual base salary range for this position in the United States is $125000 $165572. Individual pay within this salary range is determined by several compensable factors including performance knowledge jobrelated skills and experience and relevant education or training. This role is also eligible for S&Cs annual incentive plan (AIP) subject to eligibility criteria.

Join Our Team as ManagerIT Risk Management!

The Information Technology team is responsible for designing implementing and maintaining a robust technology infrastructure to support the organizations operations. Through improving cybersecurity and troubleshooting technical issues to driving innovation through cuttingedge solutions the IT team ensures seamless connectivity data security and optimal functionality empowering the company with a reliable and efficient digital ecosystem aligned with strategic goals.

The ManagerIT Risk Management manages a team of cybersecurity professionals and operationalizes the Cyber Security Operations Center (CSOC) Model of key CSOC functions and tiers. The manager is responsible for proactive and reactive risk mitigation through threat intelligence technical and procedural controls and incident preparation management and remediation. Responsibilities also include configuration and monitoring of security technologies for security posture management. While directly executing daytoday CSOC activities this role involves crossfunctional collaboration and problem solving to communicate with other teams and stakeholders. Using a riskbased proactive approach the Manager works closely with the DirectorIT Risk Management to maintain resilient security controls and processes and foster a culture of awareness within the organization.

Key Responsibilities

• CSOC Program Development: Plan and execute operational plans with a 12 year focus to establish and mature comprehensive programs for Incident Management (IM) and applicable areas of Security Posture Management (SPM). Communicate with and influence key stakeholders within and outside of the CSOC to ensure effective establishment and execution of program policies practices and procedures. Manage SOC resources and service providers. Ensure continuous monitoring of the threat landscape and modify security technologies and procedures as appropriate to continually mature and improve CSOC programs. IM: Lead and exercise the full implementation of the IT Cybersecurity Incident Response Team (IT CSIRT) and its processes and integration of the IT CSIRT with the Corporate Critical Incident Response Team (CCIRT). Ensure all needed security log information is received and rules are configured to capture relevant information and generating useful alerts that are actioned to best address risks. SPM: Implement administer and monitor technology and processes to detect and analyze weaknesses in the enterprise environment and ensure the prioritized adjudication of findings. This includes establishing and driving the implementation of security configuration baselines for endpoints and information assets.
• Leadership & People Management: Lead inspire and develop a highperforming team of experienced professionals. Foster appropriate and professional workplace behaviors address/mediate conflicts to restore harmony and support a positive healthy and inclusive workplace culture by S&Cs mission vision values and guiding principles. Consulting the Director manage administrative team member processes including but not limited to recruitment hiring induction vacation management performance reviews performance improvement plans firing promotion and workforce/succession planning. Proactively establish monitor and hold team members accountable to clear responsibilities and accountabilities; provide ongoing performance feedback both positive and developmental; address performance gaps promptly; recognize and reward achievements; and initiate decisions for corrective actions and terminations where required. Foster a culture that supports the growth and development of team members and proactively train mentor and coach team members.
• KPI/KRI Tracking: Develop critical Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) that identify crucial measurements of success in improving CSOC operations and managing risk. Provide insights and use data to illustrate a succinct narrative for both technical and nontechnical decisionmakers. Establish useful KPIs and other metrics measuring CSOC process and team member effectiveness to then finetune operational plans. Provide regular operational communications and status reports to direct leader and key stakeholders.
• Strategy Support: Provide recommendations for key results initiatives and individual goals based on CSOC processes procedures and control implementation gaps in accordance with ISO 27001 controls CIS benchmarks and identified risks. Regularly assess and report the effectiveness and impact of cybersecurity initiatives applying a continuous improvement and riskbased mindset to manage the overall security posture.
• Information Security Culture: Collaborate with leadership other IT teams and S&Cs functional areas to identify develop implement and maintain processes and controls to reduce information technology risks. Recommend objectives and ensure that business functions are aware of the importance and impacts of information and cyber security risk management on their specific function. Encourages others to champion information risk management.
• Training & Awareness: Build cybersecurity knowledge skills resilience at all levels of the CSOC team. Design training & awareness activities and measure of success through metrics that demonstrate training program effectiveness.
• Documentation: Maintain thorough organized current and accurate records and documentation. Develop and present regular reports on CSOC performance metrics and project status to senior management.
• Budget Management:Program expenditures for the CSOC technology stack in accordance with the strategic roadmap and inform the teams strategic spend. Monitor and manage the daytoday of CSOC impacts to the IT budget and ensure expenses adhere to planned spend and cost efficiency whilst supporting the achievement of departmental strategies and objectives.
• Compliance:Understand and comply with all applicable Company policies and rules.

What youll Need To Succeed

• Bachelors degree in Information Systems Computer Science Business or equivalent experience.
• 7 years of experience in Information Security or a related role.
• Demonstrated experience managing an IT team focused on risk management and/or securityrelated projects.
• Strong knowledge of information and cyber security principles technology and best practices.
• Experience in using and administering document management systems Microsoft cybersecurity technology including Sentinel and Purview or similar platforms.
• Practical knowledge of ISO 27001:2022 and CIS critical controls and safeguards and the ability to understand and apply evolving standards and requirements.
• Ability to collaborate effectively with crossfunctional teams and external stakeholders.
• Possess a collaborative and riskbased mindset and great communication skills.
• Strong leadership skills with an ability to lead guide motivate and delegate to deliver results embrace change drive decisions and outcomes embrace culture and inclusion and exhibit integrity.
• Excellent organizational planning and project management skills creatively problemsolving issues and juggling a portfolio of initiatives.
• Excellent communication skills (written verbal listening and presentation); able to liaise effectively with internal and external stakeholders to drive decisions and achieve targeted results.
• Strong interpersonal skills to establish meaningful relationships built on mutual trust and respect navigate and resolve conflict moderate behaviors and foster collaborative working relationships amongst a diverse audience.
• Ability to use business acumen and analytical skills to analyze data to drive informed decisions and problemsolve issues.
• Foundational financial acumen with the ability to provide input to budgetary processes for fiscal effectiveness.
• Ability to travel as required.

Preferred

• Advanced degree or relevant certifications.
• Relevant cybersecurity certifications (e.g. Security CISM CISSP)
• Demonstrated leadership experience within an IT function.
• Leadership experience specific to Incident Management.

S&C Electric is committed to equalopportunity employment. All employees and applicants will be considered without regard to age color disability gender national origin race religion sexual orientation gender identity protected veteran status or any other classification protected by federal state or local law. If you are an individual with a disability and need an accommodation to complete the application please email us at

No fixed deadline

#LIBB1